Gentoo Archives: gentoo-user-hu

From: cjvt <cjvt@××××××××.hu>
To: gentoo-user-hu@l.g.o
Subject: Re: [gentoo-user-hu] sshd reverse mapping problem
Date: Tue, 13 Mar 2007 15:00:39
Message-Id: 200703131559.57511.cjvt@inebhedj.hu
In Reply to: Re: [gentoo-user-hu] sshd reverse mapping problem by Aleph

and indeed. :)
thx


On 13 March 2007, Aleph wrote:
> Now none of the authentication methods is enabled. :-)
> I recommend:
> http://www.gentoo.org/doc/hu/security/security-handbook.xml?part=1&chap=10#doc_chap11
>
> Aleph
>
> 2007/3/13, cjvt <cjvt@××××××××.hu>:
> > $ cat sshd_config
> >
> > # $OpenBSD: sshd_config,v 1.74 2006/07/19 13:07:10 dtucker Exp $
> >
> > # This is the sshd server system-wide configuration file. See
> > # sshd_config(5) for more information.
> >
> > # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
> >
> > # The strategy used for options in the default sshd_config shipped with
> > # OpenSSH is to specify options with their default value where
> > # possible, but leave them commented. Uncommented options change a
> > # default value.
> >
> > Port 225
> > Protocol 2
> > #AddressFamily any
> > #ListenAddress 0.0.0.0
> > #ListenAddress ::
> >
> > # HostKey for protocol version 1
> > #HostKey /etc/ssh/ssh_host_key
> > # HostKeys for protocol version 2
> > #HostKey /etc/ssh/ssh_host_rsa_key
> > #HostKey /etc/ssh/ssh_host_dsa_key
> >
> > # Lifetime and size of ephemeral version 1 server key
> > #KeyRegenerationInterval 1h
> > #ServerKeyBits 768
> >
> > # Logging
> > # obsoletes QuietMode and FascistLogging
> > #SyslogFacility AUTH
> > #LogLevel INFO
> >
> > # Authentication:
> >
> > #LoginGraceTime 2m
> > PermitRootLogin no
> > #StrictModes yes
> > #MaxAuthTries 6
> >
> > #RSAAuthentication yes
> > #PubkeyAuthentication yes
> > #AuthorizedKeysFile .ssh/authorized_keys
> >
> > # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
> > #RhostsRSAAuthentication no
> > # similar for protocol version 2
> > #HostbasedAuthentication no
> > # Change to yes if you don't trust ~/.ssh/known_hosts for
> > # RhostsRSAAuthentication and HostbasedAuthentication
> > #IgnoreUserKnownHosts no
> > # Don't read the user's ~/.rhosts and ~/.shosts files
> > #IgnoreRhosts yes
> >
> > # To disable tunneled clear text passwords, change to no here!
> > PasswordAuthentication no
> > #PermitEmptyPasswords no
> >
> > # Change to no to disable s/key passwords
> > #ChallengeResponseAuthentication yes
> >
> > # Kerberos options
> > #KerberosAuthentication no
> > #KerberosOrLocalPasswd yes
> > #KerberosTicketCleanup yes
> > #KerberosGetAFSToken no
> >
> > # GSSAPI options
> > #GSSAPIAuthentication no
> > #GSSAPICleanupCredentials yes
> >
> > # Set this to 'yes' to enable PAM authentication, account processing,
> > # and session processing. If this is enabled, PAM authentication will
> > # be allowed through the ChallengeResponseAuthentication and
> > # PasswordAuthentication. Depending on your PAM configuration,
> > # PAM authentication via ChallengeResponseAuthentication may bypass
> > # the setting of "PermitRootLogin without-password".
> > # If you just want the PAM account and session checks to run without
> > # PAM authentication, then enable this but set PasswordAuthentication
> > # and ChallengeResponseAuthentication to 'no'.
> > UsePAM no
> >
> > #AllowTcpForwarding yes
> > #GatewayPorts no
> > #X11Forwarding no
> > #X11DisplayOffset 10
> > #X11UseLocalhost yes
> > #PrintMotd yes
> > #PrintLastLog yes
> > #TCPKeepAlive yes
> > #UseLogin no
> > #UsePrivilegeSeparation yes
> > #PermitUserEnvironment no
> > #Compression delayed
> > #ClientAliveInterval 0
> > #ClientAliveCountMax 3
> > UseDNS no
> > #PidFile /var/run/sshd.pid
> > #MaxStartups 10
> > #PermitTunnel no
> >
> > # no default banner path
> > #Banner /some/path
> >
> > # override default of no subsystems
> > Subsystem sftp /usr/lib64/misc/sftp-server
> >
> > # Example of overriding settings on a per-user basis
> > #Match User anoncvs
> > # X11Forwarding no
> > # AllowTcpForwarding no
> > # ForceCommand cvs server
> >
> >
> > vt
> >
> > On 13 March 2007, Aleph wrote:
> > > The problem is that password authentication is not enabled, but it
> > > expects it. That is why it rejects you after the public-key succeeds.
> > > If I'm right, the line enabling PAM is not commented out in the
> > > config file.
> > >
> > > Aleph
> > >
> > > 2007/3/13, cjvt <cjvt@××××××××.hu>:
> > > > Hi everyone,
> > > >
> > > > I have a problem: I don't know why, but sshd turns me away.
> > > > When I try from the client (ubuntu - 192.168.1.1), this is the result:
> > > >
> > > > $ ssh user@192.168.1.50 -p 225 -v
> > > >
> > > > OpenSSH_4.3p2 Debian-5ubuntu1, OpenSSL 0.9.8b 04 May 2006
> > > > debug1: Reading configuration data /etc/ssh/ssh_config
> > > > debug1: Applying options for *
> > > > debug1: Connecting to 192.168.1.50 [192.168.1.50] port 225.
> > > > debug1: Connection established.
> > > > debug1: identity file /home/user/.ssh/identity type -1
> > > > debug1: identity file /home/user/.ssh/id_rsa type -1
> > > > debug1: identity file /home/user/.ssh/id_dsa type -1
> > > > debug1: Remote protocol version 2.0, remote software version OpenSSH_4.6
> > > > debug1: match: OpenSSH_4.6 pat OpenSSH*
> > > > debug1: Enabling compatibility mode for protocol 2.0
> > > > debug1: Local version string SSH-2.0-OpenSSH_4.3p2 Debian-5ubuntu1
> > > > debug1: SSH2_MSG_KEXINIT sent
> > > > debug1: SSH2_MSG_KEXINIT received
> > > > debug1: kex: server->client aes128-cbc hmac-md5 none
> > > > debug1: kex: client->server aes128-cbc hmac-md5 none
> > > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
> > > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > > > debug1: Host '192.168.1.50' is known and matches the RSA host key.
> > > > debug1: Found key in /home/user/.ssh/known_hosts:1
> > > > debug1: ssh_rsa_verify: signature correct
> > > > debug1: SSH2_MSG_NEWKEYS sent
> > > > debug1: expecting SSH2_MSG_NEWKEYS
> > > > debug1: SSH2_MSG_NEWKEYS received
> > > > debug1: SSH2_MSG_SERVICE_REQUEST sent
> > > > debug1: SSH2_MSG_SERVICE_ACCEPT received
> > > > debug1: Authentications that can continue: publickey
> > > > debug1: Next authentication method: publickey
> > > > debug1: Trying private key: /home/user/.ssh/identity
> > > > debug1: Trying private key: /home/user/.ssh/id_rsa
> > > > debug1: Trying private key: /home/user/.ssh/id_dsa
> > > > debug1: No more authentication methods to try.
> > > > Permission denied (publickey).
> > > >
> > > >
> > > > Meanwhile the server (gentoo - 192.168.1.50) writes this to the log:
> > > >
> > > >
> > > > reverse mapping checking getaddrinfo for server [192.168.1.1] failed - POSSIBLE BREAK-IN ATTEMPT!
> > > >
> > > > Does anyone know what I broke with my editing? ;)
> > > >
> > > > vt
> > > > --
> > > > gentoo-user-hu@g.o mailing list
> >
> > --
> > gentoo-user-hu@g.o mailing list
-- gentoo-user-hu@g.o mailing list
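
Added example (not part of the thread, and not code from any poster): a small Python parser for `ssh -v` client output like the session quoted above. It collects which methods the server offered, which identity paths the client listed, and the final result. The names `summarize_ssh_debug` and `findings` are hypothetical, and it assumes that `type -1` on an "identity file" line means the client loaded no key from that path at startup.

```python
import re

# Constructed sample: authentication-phase lines taken from the `ssh -v` output in the thread.
SAMPLE_LOG = """\
debug1: identity file /home/user/.ssh/identity type -1
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/user/.ssh/identity
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Trying private key: /home/user/.ssh/id_dsa
Permission denied (publickey).
"""

PATTERNS = {
    "identity": re.compile(r"identity file (\S+) type (-?\d+)"),
    "offered": re.compile(r"Authentications that can continue: (\S+)"),
    "tried": re.compile(r"Trying private key: (\S+)"),
    "denied": re.compile(r"Permission denied \(([^)]*)\)"),
}

def summarize_ssh_debug(log):
    """Collect the authentication facts from OpenSSH client -v output."""
    out = {"identities": {}, "offered": [], "tried": [], "denied": None}
    for raw in log.splitlines():
        line = re.sub(r"^debug\d+: ", "", raw.strip())
        for name, pat in PATTERNS.items():
            m = pat.match(line)
            if m and name == "identity":
                out["identities"][m.group(1)] = int(m.group(2))
            elif m and name == "tried":
                out["tried"].append(m.group(1))
            elif m:  # "offered" / "denied": comma-separated method list
                out[name] = m.group(1).split(",")
    # Assumption: type -1 is printed when no key was loaded from that path.
    out["loaded"] = [p for p, t in out["identities"].items() if t != -1]
    return out

def findings(summary):
    """Turn the parsed facts into short notes for whoever reads the log."""
    notes = []
    if summary["offered"] == ["publickey"]:
        notes.append("server offers publickey only; no password fallback")
    if summary["identities"] and not summary["loaded"]:
        notes.append("no identity file yielded a key at client startup")
    if summary["denied"] is not None:
        notes.append("login denied; methods left: " + ",".join(summary["denied"]))
    return notes
```

Calling `findings(summarize_ssh_debug(SAMPLE_LOG))` returns three notes for the sample; feed it the full output of `ssh -v` to check a real session.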